Patch Tuesday, October 2016

Last updated at Thu, 27 Jul 2017 14:44:10 GMT

October continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as well as Windows (client and server).

While Microsoft continues actively working on resolving these issues, as witnessed in the overwhelming number of critical RCE bulletins, there is an ongoing battle in which they are unable to permanently address these vulnerabilities, which predominantly affect the consumer applications listed above. Unfortunately, this leads to one of the single largest attack vectors, consumers.

This month Microsoft resolves 49 vulnerabilities across 10 bulletins. For consumers MS16-118, MS16-119, MS16-120, MS16-121 and MS16-127 are the bulletins to watch out for, addressing 38 vulnerabilities. For server users no particular bulletin draws immediate attention enabling the majority of server admins to roll out patches at a fairly leisurely pace. Unfortunately, at this time 4 vulnerabilities addressed by MS16-118 (CVE-2016-3298), MS16-119 (CVE-2016-7189), MS16-120 (CVE-2016-3393), MS16-121 (CVE-2016-7193), MS16-126 (CVE-2016-3298) are known to have been be exploited in the wild.

Users should be wary of untrusted sources as maliciously crafted content could allow an attacker to remotely execute code in-order to gain the same rights as their user account. The best protection against these threats is to patch systems as quickly as possible. Administrators, be sure to review this month's bulletins and in accordance with your specific configuration, prioritize your deployment of this months' updates. At a minimum, ensure to patch systems affected by critical bulletins (MS16-118, MS16-119, MS16-120, MS16-122 and MS16-127).

• CVE-2016-3298 (MS16-118, MS16-126)
• CVE-2016-3267 (MS16-118, MS16-119)
• CVE-2016-3331 (MS16-118, MS16-119)
• CVE-2016-3382 (MS16-118, MS16-119)
• CVE-2016-3383 (MS16-118)
• CVE-2016-3384 (MS16-118)
• CVE-2016-3385 (MS16-118)
• CVE-2016-3387 (MS16-118, MS16-119)
• CVE-2016-3388 (MS16-118, MS16-119)
• CVE-2016-3390 (MS16-118, MS16-119)
• CVE-2016-3391 (MS16-118, MS16-119)
• CVE-2016-3386 (MS16-119)
• CVE-2016-3389 (MS16-119)
• CVE-2016-3392 (MS16-119)
• CVE-2016-7189 (MS16-119)
• CVE-2016-7190 (MS16-119)
• CVE-2016-7194 (MS16-119)
• CVE-2016-3209 (MS16-120)
• CVE-2016-3262 (MS16-120)
• CVE-2016-3263 (MS16-120)
• CVE-2016-3270 (MS16-120)
• CVE-2016-3393 (MS16-120)
• CVE-2016-3396 (MS16-120)
• CVE-2016-7182 (MS16-120)
• CVE-2016-7193 (MS16-121)
• CVE-2016-0142 (MS16-122)
• CVE-2016-3266 (MS16-123)
• CVE-2016-3341 (MS16-123)
• CVE-2016-3376 (MS16-123)
• CVE-2016-7185 (MS16-123)
• CVE-2016-7191 (MS16-123)
• CVE-2016-0070 (MS16-124)
• CVE-2016-0073 (MS16-124)
• CVE-2016-0075 (MS16-124)
• CVE-2016-0079 (MS16-124)
• CVE-2016-7188 (MS16-125)
• CVE-2016-4273 (MS16-127)
• CVE-2016-4286 (MS16-127)
• CVE-2016-6981 (MS16-127)
• CVE-2016-6982 (MS16-127)
• CVE-2016-6983 (MS16-127)
• CVE-2016-6984 (MS16-127)
• CVE-2016-6985 (MS16-127)
• CVE-2016-6986 (MS16-127)
• CVE-2016-6987 (MS16-127)
• CVE-2016-6989 (MS16-127)
• CVE-2016-6990 (MS16-127)
• CVE-2016-6991 (MS16-127)
• CVE-2016-6992 (MS16-127)